package project.base.common.filter

import org.apache.commons.lang3.StringUtils
import org.apache.commons.text.StringEscapeUtils
import javax.servlet.http.HttpServletRequest
import javax.servlet.http.HttpServletRequestWrapper

/**
 * xxs攻击 Sql 脚本过滤
 * @author: 三味
 * @update: 2022/3/3 15:44
 */
class XssAndSqlHttpServletRequestWrapper : HttpServletRequestWrapper {

    private var request: HttpServletRequest? = null

    constructor(request: HttpServletRequest?) : super(request) {
        this.request = request
    }

    override fun getParameter(name: String?): String? {
        var value = request!!.getParameter(name)
        if (!StringUtils.isEmpty(value)) {
            value = StringEscapeUtils.escapeHtml4(value)
        }
        return value
    }

    override fun getParameterValues(name: String?): Array<String>? {
        val parameterValues = super.getParameterValues(name) ?: return null
        for (i in parameterValues.indices) {
            val value = parameterValues[i]
            parameterValues[i] = StringEscapeUtils.escapeHtml4(value)
        }
        return parameterValues
    }
}
